TWiki>
CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialR4 (2005-04-27, MikePatterson)
EditAttach
CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialR4 (2005-04-27, MikePatterson) EditAttach Next-Generation Security Tools
Security policy includes what you are securing - include assumptions (like physical security: "we assume that the building is secured against unauthorized entry").
"Attack surface" - lots or little ports listening, what they do, etc
Some switches revert to hubs when they get overloaded - switched networks aren't safer. (But we knew that already, ettercap.)
NSA has OS security guidelines on their site.
Sample intrusion policy for us:
- PCs
- research group servers
- core servers
- sysadmin staff workstations
- Pointsec (Win32)
- Mobile Armour (Win32, Linux, maybe Mac OS X)
- people had bad experiences with PGP Disk
- File Vault - ambivalent
- Built in Windows agent is ok, but uses escrow by default - and it's the local admin, unless you change it
Edit | Attach | Topic revision: r1 - 2005-04-27 - MikePatterson
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback